Event details

Explore the ins and outs of two security features enabled by default in Windows 11, version 22H2: Windows Defender Credential Guard and LSA protection. Explore the criteria for enablement, security b...
Heather_Poulsen
Updated Dec 27, 2024
Technical Takeoff
Matthew_Palko's avatar
Matthew_Palko
Icon for Microsoft rankMicrosoft
Oct 24, 2022
There are legitimate reasons for a process to load into LSA, but we prefer if LSA APIs are used if possible. For example, in the talk auth packages are mentioned which are a legitimate reason. We have seen processes (for example some AVs), which will inject into all sorts of processes on the system, including LSA. In the specific case of Chrome, I do no not know.
Paul_Woodward's avatar
Paul_Woodward
Iron Contributor
Oct 24, 2022
Thanks. It just creates an incredible amount of noise, we wouldn't see a LSA block that should concern us in the sea of seemingly benign blocks. This is then a support issue, how can Service Desk know a fault is related to this security policy or some other problem?